I am reading a JSON file with Java 11 as shown below, but when I analyse the code with SonarQube I get a scan finding. Please let me know how to get past this:
File file = ResourceUtils.getFile("classpath:8Aug.json");
byte[] bFile = readAllBytes(Paths.get(file.getAbsolutePath()));
The finding I get from the SonarQube scan is shown below:
java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path; reads a file whose location might be specified by user input, A file is opened to read its content. The filename comes from an input parameter. If an unfiltered parameter is passed to this file API, files from an arbitrary filesystem location could be read.
This rule identifies potential path traversal vulnerabilities. In many cases the constructed file path cannot be controlled by the user; if that is the case, the reported instance is a false positive.
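The check the rule is asking for, as an added example that is not part of the original post: resolve the file name against a fixed base directory and refuse anything that escapes it before calling Files.readAllBytes. The base directory name and the class are assumptions for the example; the file name 8Aug.json is taken from the question.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class SafeJsonReader {

    // Assumed base directory for this example; only files beneath it may be read.
    private static final Path BASE_DIR = Paths.get("config").toAbsolutePath().normalize();

    /** Resolves fileName inside BASE_DIR and rejects any name that escapes it. */
    static Path resolveInsideBase(String fileName) {
        // A plain resource name should contain no separators or traversal segments,
        // so reject those up front.
        if (fileName == null || fileName.isEmpty() || fileName.contains("..")
                || fileName.contains("/") || fileName.contains("\\")) {
            throw new IllegalArgumentException("Invalid file name: " + fileName);
        }
        Path resolved = BASE_DIR.resolve(fileName).normalize();
        // Defence in depth: confirm containment after normalisation, not just by string checks.
        if (!resolved.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("Path escapes base directory: " + fileName);
        }
        return resolved;
    }

    /** Reads the validated file as UTF-8 text. */
    static String readJson(String fileName) throws IOException {
        byte[] bytes = Files.readAllBytes(resolveInsideBase(fileName));
        return new String(bytes, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        System.out.println("Accepted: " + resolveInsideBase("8Aug.json"));
        try {
            resolveInsideBase("../outside.json");
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

For a file that genuinely lives on the classpath, reading it through the class loader (for example getClass().getClassLoader().getResourceAsStream("8Aug.json")) avoids building a filesystem path at all, so there is nothing for the path-traversal rule to flag.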